The screenshot above shows that anyone could access your site (and do whatever they want to it) if you gave them permission to. For instance, you definitely don’t want a 7 as the last number on any of your configuration or control files, like wp-config.php, because the last number governs what every other user on the server can do. 777, the most permissive (least secure) setting, is dangerous.

What should my permissions be?

Firstly, we need to know what our permissions are. Secondly, we need to know if they’re correct and, if not, how to apply the proper permissions to secure our site while leaving it usable to our beloved visitors.

General rule of thumb: folders set to 755 or 750, files set to 644 or 640. Important files (wp-config.php) should have stricter permissions, like 600.
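To check a tree against this rule of thumb from the command line, here is an added example (not part of the original post or the plugin). It assumes GNU find on a Linux server; the function names `audit_wp_perms` and `make_sample_tree` and the sample tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a WordPress tree against the rule of thumb above.
# Assumes GNU find (Linux). Function names and the sample tree are constructed.

audit_wp_perms() {
    find "$1" \( -type d -o -type f \) -printf '%m %y %p\n' |
    while read -r mode type path; do
        if [ "$type" = d ]; then
            want="755 or 750"
            case "$mode" in 755|750) continue ;; esac
        elif [ "${path##*/}" = "wp-config.php" ]; then
            want="600"
            case "$mode" in 600) continue ;; esac
        else
            want="644 or 640"
            case "$mode" in 644|640) continue ;; esac
        fi
        # A final digit of 2, 3, 6 or 7 means "everyone" may write.
        case "${mode#"${mode%?}"}" in
            2|3|6|7) sev=HIGH ;;
            *)       sev=WARN ;;
        esac
        printf '%s %s %s (expected %s)\n' "$sev" "$mode" "$path" "$want"
    done
}

# Constructed test tree with three deliberate deviations.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/wp-admin" "$t/wp-content/uploads"
    touch "$t/index.php" "$t/wp-config.php" "$t/wp-content/uploads/a.jpg"
    chmod 755 "$t" "$t/wp-content"
    chmod 644 "$t/index.php" "$t/wp-content/uploads/a.jpg"
    chmod 775 "$t/wp-admin"              # group-writable folder
    chmod 777 "$t/wp-content/uploads"    # world-writable folder
    chmod 666 "$t/wp-config.php"         # world-writable config file
    echo "$t"
}

tree=$(make_sample_tree)
audit_wp_perms "$tree"
rm -rf "$tree"
```

Point `audit_wp_perms` at your own WordPress directory to list deviations; each reported path can then be corrected with `chmod`, for example `chmod 600 wp-config.php`.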

Once the plugin is installed (it only works on Linux-based servers, not Windows-based servers), navigate to Settings -> File Permission Checker. After a few minutes, your results will appear. They will be grouped by WordPress folder (/, /wp-admin, /wp-content, and /wp-includes), as displayed below.

Plugin Screenshots

Here are some screenshots of the plugin in action on a for-testing-purposes-only website (i.e. don’t copy these settings; they’re just screenshots, not recommendations). Each line shows a folder’s or file’s permissions and, for your convenience, size on disk: